Apple fixes ninth zero-day vulnerability used in attacks against iPhones

Apple confirmed in an advisory that it has fixed a zero-day vulnerability used in attacks against iPhones. The flaw marks the ninth zero-day bug Apple has fixed in 2022, although the tech giant says the vulnerability “may have been actively exploited.”

Despite confirmation that the vulnerability is being actively exploited, Apple has not yet released any information about the attacks. It is believed that the refusal to disclose details will allow Apple customers to patch their devices before more attackers develop additional exploits and use them in attacks.

The bug in question is an out-of-bounds write issue reported to Apple by an anonymous researcher, caused by software that writes data outside the limits of the current memory buffer.

Successful exploitation can lead to data corruption, application crashes or code execution due to undefined or unexpected results due to subsequent data written to the buffer.

Apple warned that the vulnerability could be exploited in attacks and used by potential attackers to execute arbitrary code with kernel privileges.

Affected are Apple devices from iPhone 8, iPad (all models), iPad Air from the 3rd generation and later, iPad from the 5th generation and later, and iPad mini from the 5th generation and later.

The sources for this piece include an article in BleepingComputer.

IT World Canada Staff
IT World Canada Staff
The online resource for Canadian Information Technology professionals.

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

ITW in your inbox

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

More Best of The Web